Fix #78719: http wrapper silently ignores long Location headers
When opening HTTP streams, and reading the headers, we currently
discard header lines longer than `HTTP_HEADER_BLOCK_SIZE` (1024 bytes).
While this is not generally forbidden by RFC 7230, section 3.2.5, it
is not generally allowed either, since that may change the "message
framing or response semantics".
We thus fix this by allowing arbitrarily long header lines.
Nikita Popov [Tue, 2 Mar 2021 09:58:35 +0000 (10:58 +0100)]
Fixed bug #80808
If the ZEROFILL flag is set for a field, do not convert it into
an integer (text protocol) or convert it explicitly into a padded
string (binary protocol).
Fix #80751: Comma in recipient name breaks email delivery
So far, `SendText()` simply separates potential email address lists at
any comma, disregarding that commas inside a quoted-string do not
delimit addresses. We fix that by introducing our own variant of
`strtok_r()` which caters to quoted-strings.
We also make `FormatEmailAddress()` aware of quoted strings.
We do not cater to email address comments, and potentially other quirks
of RFC 5322 email addresses, but catering to quoted-strings is supposed
to solve almost all practical use cases.
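The quoted-string-aware splitting that the commit message above describes, as an added example; it is not the php-src implementation. `addr_tok_r`, `split_recipients` and the sample header value are hypothetical names and constructed data. With `honor_quotes` off, the helper behaves like the old split at every comma.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not php-src code: strtok_r()-style splitter for a
 * comma-separated recipient list. With honor_quotes set, a comma inside a
 * double-quoted string does not end the token. Modifies the buffer in place. */
static char *addr_tok_r(char *str, char **saveptr, int honor_quotes)
{
    char *p = str ? str : *saveptr, *start;
    int in_quotes = 0;

    if (p == NULL) return NULL;
    while (*p == ',' || *p == ' ') p++;      /* skip empty items, leading blanks */
    if (*p == '\0') { *saveptr = NULL; return NULL; }
    for (start = p; *p != '\0'; p++) {
        if (in_quotes && *p == '\\' && p[1] != '\0') {
            p++;                             /* quoted-pair: skip escaped char */
        } else if (honor_quotes && *p == '"') {
            in_quotes = !in_quotes;
        } else if (*p == ',' && !in_quotes) {
            *p = '\0';
            *saveptr = p + 1;
            return start;
        }
    }
    *saveptr = NULL;                         /* input exhausted after this token */
    return start;
}

/* Copy recipient idx (0-based) into out; return the recipient count, or -1
 * if the list does not fit the work buffer. */
static int split_recipients(const char *list, int honor_quotes, int idx,
                            char *out, size_t outlen)
{
    char buf[256], *save = NULL, *tok;
    int n = 0;

    if (outlen > 0) out[0] = '\0';
    if (strlen(list) >= sizeof(buf)) return -1;
    strcpy(buf, list);
    for (tok = addr_tok_r(buf, &save, honor_quotes); tok != NULL;
         tok = addr_tok_r(NULL, &save, honor_quotes), n++)
        if (n == idx) snprintf(out, outlen, "%s", tok);
    return n;
}

/* Constructed sample: the display name contains a comma. */
static const char SAMPLE_TO[] = "\"Doe, Jane\" <jane@example.org>, bob@example.org";
```

On the sample, the comma-only split yields three fragments, the first being the unusable `"Doe`, while the quote-aware split yields the two intended recipients.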
Tyson Andre [Fri, 26 Feb 2021 14:48:36 +0000 (09:48 -0500)]
Optimize serializing class names
Because of the memcpy, compilers can't infer that ZSTR_LEN (i.e. class_name->len)
did not change, so they copy it out of memory into a register for the last two
accesses.
php_var_serialize_string already does something similar.
Dmitry Stogov [Mon, 1 Mar 2021 10:43:22 +0000 (13:43 +0300)]
Change the order of properties used in foreach(), var_dump(), serialize(), comparison, etc. Now properties are ordered according to their layout in zend_object structure.
Nikita Popov [Mon, 18 May 2020 13:46:06 +0000 (15:46 +0200)]
Reference dynamic functions through dynamic_defs
Currently, dynamically declared functions and closures are inserted
into the function table under a runtime definition key, and then later
possibly renamed. When opcache is not used and a file containing a
closure is repeatedly included, this leads to a very large memory leak,
as the no longer needed closure declarations will never be freed
(https://bugs.php.net/bug.php?id=76982).
With this patch, dynamic functions are instead stored in a
dynamic_func_defs member on the op_array, which opcodes reference
by index. When the parent op_array is destroyed, the dynamic_func_defs
it contains are also destroyed (unless they are still used elsewhere,
e.g. because they have been bound, or are used by a live closure). This
resolves the fundamental part of the leak, though doesn't completely
fix it yet due to some arena allocations.
The main non-obvious change here is to static variable handling:
We can't destroy static_variables_ptr in destroy_op_array, as e.g.
that would clear the static variables in a dynamic function when
the op_array containing it is destroyed. Static variable destruction
is separated out for this reason (we already do static variable
destruction separately for normal functions, so we only need to
handle main scripts).
Dmitry Stogov [Fri, 26 Feb 2021 16:27:55 +0000 (19:27 +0300)]
Change the order of properties used for var_dump(), serialize(), comparison, etc.
Now properties are ordered according to their layout in zend_object structure.
Max Semenik [Thu, 25 Feb 2021 10:15:03 +0000 (13:15 +0300)]
run-tests: drop support for ancient Valgrind versions
Valgrind 3.3.0 was released in 2007, not even RHEL has crap older than
this. It could be argued that 3.8.0, released in 2012, could be a safe
cutoff too.
The lack of such a check leads to false-passes of tests on Windows
which expect no output, but produce a segfault or similar issue. I
discovered this a while ago due to bad tests in an extension I maintain.
Nikita Popov [Wed, 24 Feb 2021 10:45:25 +0000 (11:45 +0100)]
Allow pointer to end of memory in IS_UNSERIALIZED()
We already use <= for IS_SERIALIZED(), but the same general
problem can also occur for IS_UNSERIALIZED(). We don't seem to
hit this in practice prior to GH-5595 though.
Max Semenik [Thu, 11 Feb 2021 17:33:03 +0000 (20:33 +0300)]
run-tests: add skip cache
Currently every --SKIPIF-- section in every test file results in 1
extra execution of PHP, every --EXTENSIONS-- section - in 2 executions.
This is quite wasteful, as skip checking code is extremely repetitive
and extensions are fixed for every binary/ini/command parameters
combination.
This patch adds caching to all such checks.
On my machine, the gains are quite noticeable: 36s instead of 43s
with -j16, 292s instead of 337s without concurrency. Cache stats are
3780 hits, 1247 misses in the latter case. In the future, tests could
be adjusted to have more uniform skip checks to improve performance even
more.
Dylan K. Taylor [Mon, 22 Feb 2021 23:56:11 +0000 (23:56 +0000)]
run-tests: fixed exit code not being set on BORKED tests
When no test paths are specified this shows up when 'make test' is used on a PECL extension without specifying tests to run (or in php-src too, I guess...)
Nikita Popov [Tue, 23 Feb 2021 10:46:34 +0000 (11:46 +0100)]
Remove free_chunk API
This API only works in very limited circumstances -- relying on
it will invariably lead to leaks. The correct way to "free" something
from the pool is to use the checkpoint API.
Nikita Popov [Tue, 23 Feb 2021 10:14:51 +0000 (11:14 +0100)]
Fixed bug #80761
When row data is split across multiple packets, allocate a temporary
buffer that can be reallocated, and only copy into the row buffer
pool arena once we know the final size. This avoids quadratic
memory usage for very large results.
Cameron Porter [Mon, 15 Feb 2021 04:55:25 +0000 (22:55 -0600)]
Fixed bug #80724
FilesystemIterator::FOLLOW_SYMLINKS is currently treated as a directory
key mode flag, even though it does not change the way that the key
during iteration is set. To address this, FOLLOW_SYMLINKS has been
converted into an OTHER flag.
Darek Slusarczyk [Mon, 22 Feb 2021 10:03:24 +0000 (11:03 +0100)]
Fix #80329: Add option to specify LOAD DATA LOCAL white list folder
* allow the user to specify a folder where files that can be sent
via LOAD DATA LOCAL can exist
* add mysqli.local_infile_directory for mysqli
(ignored if mysqli.allow_local_infile is enabled)
* add PDO::MYSQL_ATTR_LOCAL_INFILE_DIRECTORY for pdo_mysql
(ignored if PDO::MYSQL_ATTR_LOCAL_INFILE is enabled)
* add related tests
* fixes for building with libmysql 8.x
* small improvement in existing tests
* update php.ini-[development|production] files
Fix #75776: Flushing streams with compression filter is broken
First, the `bzip2.compress` filter has the same issue as `zlib.deflate`
so we port the respective fix[1] to ext/bz2.
Second, there is still an issue, if a stream with an attached
compression filter is flushed before it is closed, without any writes
in between. In that case, the compression is never finalized. We fix
this by enforcing a `_php_stream_flush()` with the `closing` flag set
in `_php_stream_free()`, whenever a write filter is attached. This
call is superfluous for most write filters, but does not hurt, even
when it is unnecessary.
Since we no longer URL decode cookie names[1], we must not URL
encode the session name. We need to prevent broken Set-Cookie headers,
by rejecting names which contain invalid characters.
Nikita Popov [Mon, 22 Feb 2021 09:09:28 +0000 (10:09 +0100)]
Don't resolve special class names
Adjust zend_resolve_class_name() to not resolve special class names.
This avoids the need to only call this function after a preliminary
check for non-default fetch types. Doing so is somewhat fragile
when dynamic class names are involved.